SlideShare una empresa de Scribd logo

Mirage: Extreme Specialization Of Cloud Appliances

The Linux Foundation
The Linux Foundation

Public compute clouds provide a flexible platform to host applications as a set of appliances, e.g., web servers or databases. Each appliance usually contains an OS kernel and userspace processes, within which applications access resources via APIs such as POSIX. The flexible architecture of the cloud comes at a cost: the addition of another layer in the already complex software stack. This reduces performance and increases the size of the trusted computing base. Our new Mirage operating system proposes a radically different way of building these appliances. Mirage supports the progressive specialisation of functional language (OCaml) application source code, and gradually replaces traditional OS components with type-safe libraries. This ultimately results in “unikernels”: sealed, fixed-purpose images that run directly on the hypervisor without an intervening guest OS such as Lin ux. Developers no longer need to become sysadmins, expert in the configuration of all manner of system components, to use cloud resources. At the same time, they can develop their code using their usual tools, only making the final push to the cloud once they are satisfied their code works. As they explicitly link in components that would normally be provided by the host OS, the resulting unikernels are also highly compact: facilities that are not used are simply not included in the resulting unikernel. For example, the self-hosting Mirage web server image is less than a megabyte in size! We will describe the architecture of Mirage in the talk, show some code examples, and interesting benchmark results that compare the performance of our unikernels to traditional applications such as Apache, BIND and OpenSSH.

Tecnología
1 de 36
Descargar para leer sin conexión
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 1/36 Anil Madhavapeddy University of Cambridge Richard Mortier University of Nottingham Dave Scott Citrix Systems R&D MIRAGE: EXTREME SPECIALISATION OF CLOUD APPLIANCES @avsm @mort___ @mugofsoup http://openmirage.org http://decks.openmirage.org/oscon13/ http://www.youtube.com/watch?v=2Mx8Bd5JYyo
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 2/36 THE CLOUD THREAT MODEL Internet SAN/NAS Tenants SDN
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 3/36 THE CLOUD THREAT MODEL Type-safety in the application layer defeats several external threats. Type-safety in the kernel will make all external I/O safe, but at what cost?
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 4/36 THE CLOUD THREAT MODEL Most attacks never come from within a guest, only from external traffic. So why all these privilege checks?
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 5/36 KEY DESIGN INSIGHTS The hypervisor gifts us a stable hardware interface. Cures the curse of library operating systems! Protocol-level compatibility between special-purpose cloud appliances, e.g. a webserver, a database VM.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 6/36 UNIKERNELS! Virtual machines are UNIX processes “done right” on the cloud.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 7/36 CONTRIBUTIONS The unikernel approach to building single-purpose appliances Library OS + high level programming interface Single-address space layout Evaluation of these techniques using a functional programming language (OCaml) Benefits of type-safety need not damage performance Static typing + modules = high level manipulation Language extensions for systems programming in OCaml
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 8/36 CURRENT VIRTUAL APPLIANCES Compiler has to stop at userspace. Every level has a different API, calling convention, and privilege requirements.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 9/36 SPECIALISED VIRTUAL APPLIANCES
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 10/36 SPECIALISED VIRTUAL APPLIANCES
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 11/36 SPECIALISED VIRTUAL APPLIANCES
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 12/36 PROGRESSIVE SPECIALISATION
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 13/36 MICROBENCHMARKS! Unikernel appliances are: Smaller, both in kLoC & image size Boot faster, at packet round-trip time timescales High performance Type-safe
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 14/36 APPLIANCE IMAGE SIZE Appliance Standard Build Dead Code Elimination DNS 0.449 MB 0.184 MB Web Server 0.674 MB 0.172 MB Openflow learning switch 0.393 MB 0.164 MB Openflow controller 0.392 MB 0.168 MB All configuration and data compiled into the image by the toolchain. Live migration is easy and fun :-)
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 15/36 BOOT TIME Unikernels are compact enough to boot and respond to network traffic in real-time.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 16/36 HOW LARGE IS LARGE?
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 17/36 EVENT DRIVEN CO-THREADS Garbage collected heap management is more efficient in a single address-space environment. Thread latency can be reduced by eliminating multiple levels of scheduling.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 18/36 THREAD SCALING SINGLE INSTANCE Threads are heap allocated values, so benefit from the faster garbage collection cycle in the Mirage Xen version, and the scheduler can be overridden by application-specific needs.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 19/36 BLOCK STORAGE Additionally, reading from a Mirage NAS-like storage VM achieves 942MiB/s buffered, and 1.8GiB/s unbuffered.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 20/36 TECHNIQUES Several implementation techniques give rise to these benefits: Simplified memory management Zero-copy IO buffer management Hypervisor security extension for VM sealing (W^X)
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 21/36 MEMORY MANAGEMENT SPECIALISED! Compiled native source code and runtime statically linked with random start offset. IO memory is mapped into a reserved area and can be distinguished. OCaml heap is contiguous, with simpler write barriers as a result.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 22/36 BUFFER MANAGEMENT ZERO-COPY IO
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 23/36 OPTIONAL VM SEALING Single address-space and no dynamic loading W^X address space Address offsets are randomized at compile-time Dropping page table privileges: Added freeze hypercall called just before app starts Subsequent page table updates are rejected by Xen Exception for I/O mappings if they are non-exec and do not modify any existing mappings Very easy in unikernels due to focus on compile-time specialisation instead of run-time complexity
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 24/36 MACROBENCHMARKS We have implemented several larger appliances. We discuss deens, our DNS server in detail here. We also have: a simple webserver, an OpenFlow Switch, and an OpenFlow Controller.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 25/36 DNS SERVER CODE let main () = lwt zones = read key "zones" "zone.db" in Net.Manager.bind (fun mgr dev -> let src = `any_addr, 53 in Dns.Server.listen dev src zones ) Cooperative threads as functions Statically evaluated configuration Functional callbacks Libraries directly link to network stack
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 26/36 DNS SERVER PERFORMANCE BASELINE Baseline figures, running Bind (standard) and NSD (high performance). NSD achieves around 70 kreqs/s.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 27/36 DNS SERVER PERFORMANCE MIRAGE Comparing against Mirage appliance, with and without simple memoisation. This algorithmic optimisation added just 6 lines of code.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 28/36 DNS SERVER PERFORMANCE C/MINIOS A rudimentary C-based appliance linking NSD directly against MiniOS. Poor user-space library performance vastly outweighs language effects.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 29/36 SCALING VIA PARALLEL INSTANCES Request throughput for serving a simple static page using Apache on Linux vs. a Mirage appliance. Rather than pay the cost of interlocking for thread-level parallelism, we scale by running many instances of the Mirage appliance.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 30/36 OPENFLOW CONTROLLER OpenFlow controller is competitive with NOX (C++), but much higher level. Applications can link directly against the switch to route their data.
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 31/36 SUMMARY OCaml is the baseline language for all new code Our C runtime is small, and getting smaller Is fully event-driven and non-preemptive Rewriting protocols wasn’t that hard Not necessarily the best research strategy though But an extremely useful learning experience Tech transfer is vital Unikernels fit perfectly on the cloud Internet protocol building blocks Seamless interop with legacy code through VMs
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 32/36 PURE OCAML CODE Device drivers netfront, blkfront xenstore Networking/Communication IP/TCP/UDP/DHCP/DNS(SEC) (v4) HTTP, SSH, OpenFlow (controller/switch) vchan IPC Storage NFS, FAT32 distributed k/v store 9P :-) GITHUB.COM/MIRAGE http://arakoon.org
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 33/36 MIRAGE ONLINE Website, Code, O'Reilly OCaml book, OPAM package manager Allows constraints to be applied to package installation Very useful for managing assembly of the many small OCaml modules that construct a Mirage appliance http://www.openmirage.org http://github.com/mirage http://realworldocaml.org http://opam.ocamlpro.com
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 34/36 KEY RESEARCH DIRECTIONS Interoperability — with billions of VMs out there A unikernel per-language? Interconnect strategies? Heap sharing? Formal method integration easier or harder? Coordination — planetary scale computers Resources are highly elastic now. How to coordinate a million microkernels? “Warehouse Scale Computing” Library Applications — where are they? Irminsule, a git-like functional distributed database Beanstalk, a self-scaling web server
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 35/36 WE'RE HIRING! MUST ENJOY OPEN SOURCE! OCamlLabs, Cambridge, UK Real world functional programming with OCaml Need compiler hackers, protocol heads, PL/type theory systems Networks-as-a-Service, University of Nottingham, UK (2 posts, 3 years, deadline Friday August 2nd) Joint with University of Cambridge & Imperial College Network virtualisation for millions of microkernel apps Need Mirage hackers, network protocol experts, graph theorists http://www.cl.cam.ac.uk/projects/ocamllabs http://bit.ly/13sBjjC
7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 36/36 Thanks! Questions? (...and please rate the talk!) HTTP://TWITTER.COM/MORT___

Recomendados

OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 The Linux Foundation
 
LF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesLF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesThe Linux Foundation
 
OWF: Xen - Open Source Hypervisor Designed for Clouds
OWF: Xen - Open Source Hypervisor Designed for CloudsOWF: Xen - Open Source Hypervisor Designed for Clouds
OWF: Xen - Open Source Hypervisor Designed for CloudsThe Linux Foundation
 
The HaLVM: A Simple Platform for Simple Platforms
The HaLVM: A Simple Platform for Simple PlatformsThe HaLVM: A Simple Platform for Simple Platforms
The HaLVM: A Simple Platform for Simple PlatformsThe Linux Foundation
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
 
LCEU13: Securing your cloud with Xen's advanced security features - George Du...
LCEU13: Securing your cloud with Xen's advanced security features - George Du...LCEU13: Securing your cloud with Xen's advanced security features - George Du...
LCEU13: Securing your cloud with Xen's advanced security features - George Du...The Linux Foundation
 
LinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondLinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondThe Linux Foundation
 
Xen time machine
Xen time machineXen time machine
Xen time machineThe Linux Foundation
 

Recomendados

OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 OSCON14: Mirage 2.0
OSCON14: Mirage 2.0 The Linux Foundation
 
LF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesLF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesThe Linux Foundation
 
OWF: Xen - Open Source Hypervisor Designed for Clouds
OWF: Xen - Open Source Hypervisor Designed for CloudsOWF: Xen - Open Source Hypervisor Designed for Clouds
OWF: Xen - Open Source Hypervisor Designed for CloudsThe Linux Foundation
 
The HaLVM: A Simple Platform for Simple Platforms
The HaLVM: A Simple Platform for Simple PlatformsThe HaLVM: A Simple Platform for Simple Platforms
The HaLVM: A Simple Platform for Simple PlatformsThe Linux Foundation
 
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
 
LCEU13: Securing your cloud with Xen's advanced security features - George Du...
LCEU13: Securing your cloud with Xen's advanced security features - George Du...LCEU13: Securing your cloud with Xen's advanced security features - George Du...
LCEU13: Securing your cloud with Xen's advanced security features - George Du...The Linux Foundation
 
LinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondLinuxCon Japan 13 : 10 years of Xen and Beyond
LinuxCon Japan 13 : 10 years of Xen and BeyondThe Linux Foundation
 
Xen time machine
Xen time machineXen time machine
Xen time machineThe Linux Foundation
 
XPDS16: Xen Development Update
XPDS16: Xen Development UpdateXPDS16: Xen Development Update
XPDS16: Xen Development UpdateThe Linux Foundation
 
Erlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackErlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackViktor Sovietov
 
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...The Linux Foundation
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedStefano Stabellini
 
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmXPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmThe Linux Foundation
 
XPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixXPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixThe Linux Foundation
 
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...The Linux Foundation
 
Xen Project for ARM Servers
Xen Project for ARM ServersXen Project for ARM Servers
Xen Project for ARM ServersStefano Stabellini
 
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixXPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixThe Linux Foundation
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)The Linux Foundation
 
RunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeRunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeStefano Stabellini
 
Metrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMetrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMadhuri Yechuri
 
RunX ELCE 2020
RunX ELCE 2020RunX ELCE 2020
RunX ELCE 2020Stefano Stabellini
 
Aplura virtualization slides
Aplura virtualization slidesAplura virtualization slides
Aplura virtualization slidesThe Linux Foundation
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...The Linux Foundation
 
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internalsLinuxCon ContainerCon CloudOpen China
 
PVH : PV Guest in HVM container
PVH : PV Guest in HVM containerPVH : PV Guest in HVM container
PVH : PV Guest in HVM containerThe Linux Foundation
 
Advanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAdvanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAnil Madhavapeddy
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...The Linux Foundation
 
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Spark Summit
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks ShopJason Smith
 

Más contenido relacionado

La actualidad más candente

Erlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackErlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackViktor Sovietov
 
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...The Linux Foundation
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedStefano Stabellini
 
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmXPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmThe Linux Foundation
 
XPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixXPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixThe Linux Foundation
 
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...The Linux Foundation
 
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixXPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixThe Linux Foundation
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)The Linux Foundation
 
RunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeRunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeStefano Stabellini
 
Metrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMetrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMadhuri Yechuri
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...The Linux Foundation
 
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
 
Advanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAdvanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAnil Madhavapeddy
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...The Linux Foundation
 

La actualidad más candente (20)

XPDS16: Xen Development Update
XPDS16: Xen Development UpdateXPDS16: Xen Development Update
XPDS16: Xen Development Update
 
Erlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stackErlang on Xen: Redefining the cloud software stack
Erlang on Xen: Redefining the cloud software stack
 
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul...
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for EmbeddedELC21: VM-to-VM Communication Mechanisms for Embedded
ELC21: VM-to-VM Communication Mechanisms for Embedded
 
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, ArmXPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
XPDDS18: The Art of Virtualizing Cache Maintenance - Julien Grall, Arm
 
XPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, CitrixXPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
XPDS13: Xen on ARM Update - Stefano Stabellini, Citrix
 
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ...
 
Xen Project for ARM Servers
Xen Project for ARM ServersXen Project for ARM Servers
Xen Project for ARM Servers
 
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, CitrixXPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
XPDS14 - Xen on ARM: Status and Performance - Stefano Stabellini, Citrix
 
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)
 
RunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeRunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edge
 
Metrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernelsMetrics towards enterprise readiness of unikernels
Metrics towards enterprise readiness of unikernels
 
RunX ELCE 2020
RunX ELCE 2020RunX ELCE 2020
RunX ELCE 2020
 
Aplura virtualization slides
Aplura virtualization slidesAplura virtualization slides
Aplura virtualization slides
 
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
XPDS14: Removing the Xen Linux Upstream Delta of Various Linux Distros - Luis...
 
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsXen on ARM for embedded and IoT: from secure containers to dom0less systems
Xen on ARM for embedded and IoT: from secure containers to dom0less systems
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internals
 
PVH : PV Guest in HVM container
PVH : PV Guest in HVM containerPVH : PV Guest in HVM container
PVH : PV Guest in HVM container
 
Advanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAdvanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and Windows
 
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
XPDDS18: Introducing ViryaOS: Secure Containers for Embedded and IoT - Stefan...
 

Similar a Mirage: Extreme Specialization Of Cloud Appliances

Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Spark Summit
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks ShopJason Smith
 
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center Alaeddine El Fawal
 
DevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfDevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfkanedafromparis
 
Sector Sphere 2009
Sector Sphere 2009Sector Sphere 2009
Sector Sphere 2009lilyco
 
sector-sphere
sector-spheresector-sphere
sector-spherexlight
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyMediafly
 
cncf overview and building edge computing using kubernetes
cncf overview and building edge computing using kubernetescncf overview and building edge computing using kubernetes
cncf overview and building edge computing using kubernetesKrishna-Kumar
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Ron Munitz
 
From data centers to fog computing: the evaporating cloud
From data centers to fog computing: the evaporating cloudFrom data centers to fog computing: the evaporating cloud
From data centers to fog computing: the evaporating cloudFogGuru MSCA Project
 
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013PostgresOpen
 
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing WorldCloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing WorldOmer Kilic
 
Unikernels - Bristech June 2016
Unikernels - Bristech June 2016 Unikernels - Bristech June 2016
Unikernels - Bristech June 2016 Daniel Drozdzewski
 
mago3D workshop(English) in Thailand , 2018.07
mago3D workshop(English) in Thailand , 2018.07mago3D workshop(English) in Thailand , 2018.07
mago3D workshop(English) in Thailand , 2018.07Gaia3D,Inc.
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionBen Hall
 
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...Modern Data Stack France
 
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...Severalnines
 
Habits of-efficient-developers
Habits of-efficient-developersHabits of-efficient-developers
Habits of-efficient-developersDaniel Lebrero
 

Similar a Mirage: Extreme Specialization Of Cloud Appliances (20)

Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
Highlights and Challenges from Running Spark on Mesos in Production by Morri ...
 
Securing the Socks Shop
Securing the Socks ShopSecuring the Socks Shop
Securing the Socks Shop
 
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
Alaeddine El Fawal DR Plan for Private-Cloud Based Data Center
 
DevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfDevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdf
 
Sector Sphere 2009
Sector Sphere 2009Sector Sphere 2009
Sector Sphere 2009
 
sector-sphere
sector-spheresector-sphere
sector-sphere
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - Mediafly
 
cncf overview and building edge computing using kubernetes
cncf overview and building edge computing using kubernetescncf overview and building edge computing using kubernetes
cncf overview and building edge computing using kubernetes
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
 
From data centers to fog computing: the evaporating cloud
From data centers to fog computing: the evaporating cloudFrom data centers to fog computing: the evaporating cloud
From data centers to fog computing: the evaporating cloud
 
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
Ryan Jarvinen Open Shift Talk @ Postgres Open 2013
 
Scaling hadoopapplications
Scaling hadoopapplicationsScaling hadoopapplications
Scaling hadoopapplications
 
Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64Cloud RPI4 tomcat ARM64
Cloud RPI4 tomcat ARM64
 
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing WorldCloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
Cloud, Distributed, Embedded: Erlang in the Heterogeneous Computing World
 
Unikernels - Bristech June 2016
Unikernels - Bristech June 2016 Unikernels - Bristech June 2016
Unikernels - Bristech June 2016
 
mago3D workshop(English) in Thailand , 2018.07
mago3D workshop(English) in Thailand , 2018.07mago3D workshop(English) in Thailand , 2018.07
mago3D workshop(English) in Thailand , 2018.07
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
 
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
 
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
Slides: Introducing the new ClusterControl 1.2.10 for MySQL, MongoDB and Post...
 
Habits of-efficient-developers
Habits of-efficient-developersHabits of-efficient-developers
Habits of-efficient-developers
 

Más de The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEThe Linux Foundation
 

Más de The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather ReportXPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Último

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Último (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Mirage: Extreme Specialization Of Cloud Appliances

  • 1. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 1/36 Anil Madhavapeddy University of Cambridge Richard Mortier University of Nottingham Dave Scott Citrix Systems R&D MIRAGE: EXTREME SPECIALISATION OF CLOUD APPLIANCES @avsm @mort___ @mugofsoup http://openmirage.org http://decks.openmirage.org/oscon13/ http://www.youtube.com/watch?v=2Mx8Bd5JYyo
  • 2. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 2/36 THE CLOUD THREAT MODEL Internet SAN/NAS Tenants SDN
  • 3. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 3/36 THE CLOUD THREAT MODEL Type-safety in the application layer defeats several external threats. Type-safety in the kernel will make all external I/O safe, but at what cost?
  • 4. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 4/36 THE CLOUD THREAT MODEL Most attacks never come from within a guest, only from external traffic. So why all these privilege checks?
  • 5. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 5/36 KEY DESIGN INSIGHTS The hypervisor gifts us a stable hardware interface. Cures the curse of library operating systems! Protocol-level compatibility between special-purpose cloud appliances, e.g. a webserver, a database VM.
  • 6. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 6/36 UNIKERNELS! Virtual machines are UNIX processes “done right” on the cloud.
  • 7. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 7/36 CONTRIBUTIONS The unikernel approach to building single-purpose appliances Library OS + high level programming interface Single-address space layout Evaluation of these techniques using a functional programming language (OCaml) Benefits of type-safety need not damage performance Static typing + modules = high level manipulation Language extensions for systems programming in OCaml
  • 8. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 8/36 CURRENT VIRTUAL APPLIANCES Compiler has to stop at userspace. Every level has a different API, calling convention, and privilege requirements.
  • 9. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 9/36 SPECIALISED VIRTUAL APPLIANCES
  • 10. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 10/36 SPECIALISED VIRTUAL APPLIANCES
  • 11. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 11/36 SPECIALISED VIRTUAL APPLIANCES
  • 12. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 12/36 PROGRESSIVE SPECIALISATION
  • 13. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 13/36 MICROBENCHMARKS! Unikernel appliances are: Smaller, both in kLoC & image size Boot faster, at packet round-trip time timescales High performance Type-safe
  • 14. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 14/36 APPLIANCE IMAGE SIZE Appliance Standard Build Dead Code Elimination DNS 0.449 MB 0.184 MB Web Server 0.674 MB 0.172 MB Openflow learning switch 0.393 MB 0.164 MB Openflow controller 0.392 MB 0.168 MB All configuration and data compiled into the image by the toolchain. Live migration is easy and fun :-)
  • 15. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 15/36 BOOT TIME Unikernels are compact enough to boot and respond to network traffic in real-time.
  • 16. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 16/36 HOW LARGE IS LARGE?
  • 17. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 17/36 EVENT DRIVEN CO-THREADS Garbage collected heap management is more efficient in a single address-space environment. Thread latency can be reduced by eliminating multiple levels of scheduling.
  • 18. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 18/36 THREAD SCALING SINGLE INSTANCE Threads are heap allocated values, so benefit from the faster garbage collection cycle in the Mirage Xen version, and the scheduler can be overridden by application-specific needs.
  • 19. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 19/36 BLOCK STORAGE Additionally, reading from a Mirage NAS-like storage VM achieves 942MiB/s buffered, and 1.8GiB/s unbuffered.
  • 20. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 20/36 TECHNIQUES Several implementation techniques give rise to these benefits: Simplified memory management Zero-copy IO buffer management Hypervisor security extension for VM sealing (W^X)
  • 21. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 21/36 MEMORY MANAGEMENT SPECIALISED! Compiled native source code and runtime statically linked with random start offset. IO memory is mapped into a reserved area and can be distinguished. OCaml heap is contiguous, with simpler write barriers as a result.
  • 22. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 22/36 BUFFER MANAGEMENT ZERO-COPY IO
  • 23. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 23/36 OPTIONAL VM SEALING Single address-space and no dynamic loading W^X address space Address offsets are randomized at compile-time Dropping page table privileges: Added freeze hypercall called just before app starts Subsequent page table updates are rejected by Xen Exception for I/O mappings if they are non-exec and do not modify any existing mappings Very easy in unikernels due to focus on compile-time specialisation instead of run-time complexity
  • 24. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 24/36 MACROBENCHMARKS We have implemented several larger appliances. We discuss deens, our DNS server in detail here. We also have: a simple webserver, an OpenFlow Switch, and an OpenFlow Controller.
  • 25. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 25/36 DNS SERVER CODE let main () = lwt zones = read key "zones" "zone.db" in Net.Manager.bind (fun mgr dev -> let src = `any_addr, 53 in Dns.Server.listen dev src zones ) Cooperative threads as functions Statically evaluated configuration Functional callbacks Libraries directly link to network stack
  • 26. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 26/36 DNS SERVER PERFORMANCE BASELINE Baseline figures, running Bind (standard) and NSD (high performance). NSD achieves around 70 kreqs/s.
  • 27. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 27/36 DNS SERVER PERFORMANCE MIRAGE Comparing against Mirage appliance, with and without simple memoisation. This algorithmic optimisation added just 6 lines of code.
  • 28. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 28/36 DNS SERVER PERFORMANCE C/MINIOS A rudimentary C-based appliance linking NSD directly against MiniOS. Poor user-space library performance vastly outweighs language effects.
  • 29. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 29/36 SCALING VIA PARALLEL INSTANCES Request throughput for serving a simple static page using Apache on Linux vs. a Mirage appliance. Rather than pay the cost of interlocking for thread-level parallelism, we scale by running many instances of the Mirage appliance.
  • 30. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 30/36 OPENFLOW CONTROLLER OpenFlow controller is competitive with NOX (C++), but much higher level. Applications can link directly against the switch to route their data.
  • 31. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 31/36 SUMMARY OCaml is the baseline language for all new code Our C runtime is small, and getting smaller Is fully event-driven and non-preemptive Rewriting protocols wasn’t that hard Not necessarily the best research strategy though But an extremely useful learning experience Tech transfer is vital Unikernels fit perfectly on the cloud Internet protocol building blocks Seamless interop with legacy code through VMs
  • 32. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 32/36 PURE OCAML CODE Device drivers netfront, blkfront xenstore Networking/Communication IP/TCP/UDP/DHCP/DNS(SEC) (v4) HTTP, SSH, OpenFlow (controller/switch) vchan IPC Storage NFS, FAT32 distributed k/v store 9P :-) GITHUB.COM/MIRAGE http://arakoon.org
  • 33. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 33/36 MIRAGE ONLINE Website, Code, O'Reilly OCaml book, OPAM package manager Allows constraints to be applied to package installation Very useful for managing assembly of the many small OCaml modules that construct a Mirage appliance http://www.openmirage.org http://github.com/mirage http://realworldocaml.org http://opam.ocamlpro.com
  • 34. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 34/36 KEY RESEARCH DIRECTIONS Interoperability — with billions of VMs out there A unikernel per-language? Interconnect strategies? Heap sharing? Formal method integration easier or harder? Coordination — planetary scale computers Resources are highly elastic now. How to coordinate a million microkernels? “Warehouse Scale Computing” Library Applications — where are they? Irminsule, a git-like functional distributed database Beanstalk, a self-scaling web server
  • 35. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 35/36 WE'RE HIRING! MUST ENJOY OPEN SOURCE! OCamlLabs, Cambridge, UK Real world functional programming with OCaml Need compiler hackers, protocol heads, PL/type theory systems Networks-as-a-Service, University of Nottingham, UK (2 posts, 3 years, deadline Friday August 2nd) Joint with University of Cambridge & Imperial College Network virtualisation for millions of microkernel apps Need Mirage hackers, network protocol experts, graph theorists http://www.cl.cam.ac.uk/projects/ocamllabs http://bit.ly/13sBjjC
  • 36. 7/31/13 Mirage: Extreme Specialisation of Cloud Appliances file://localhost/Users/mort/research/projects/mirage/src/v2/mirage-decks/files/slides/oscon13/complete.html#/ 36/36 Thanks! Questions? (...and please rate the talk!) HTTP://TWITTER.COM/MORT___